Threat Intel - Aqua Security’s Trivy Scanner Compromised
Basically, hackers took control of a popular security tool to steal sensitive information from users.
Aqua Security's Trivy scanner was compromised in a supply chain attack, leading to credential theft. This incident affects many users relying on the tool, highlighting significant security risks. Immediate action is required to secure environments and prevent further exploitation.
The Threat
In a significant supply chain attack, Aqua Security's widely used open-source vulnerability scanner, Trivy, was compromised. Attackers exploited compromised credentials to distribute malicious releases, turning a trusted security tool into a means for large-scale credential theft. This incident began in late February 2026 when a misconfiguration in Trivy's GitHub Actions environment allowed attackers to extract a privileged access token.
Despite Aqua Security's efforts to disclose the incident and rotate credentials on March 1, the remediation was incomplete. This oversight enabled the attackers to maintain access through still-valid credentials. On March 19, they escalated their attack by force-pushing malicious commits to numerous version tags in the aquasecurity/trivy-action repository, effectively injecting malicious code into existing workflows without detection.
Who's Behind It
The threat actor behind this attack has not been publicly identified, but their tactics indicate a sophisticated understanding of CI/CD environments. By leveraging compromised service accounts, they triggered automated release pipelines to publish a backdoored version of Trivy, designated as version 0.69.4. This version was designed to execute malicious payloads before legitimate scanning logic, allowing it to collect sensitive information from CI/CD environments without raising alarms.
The attack primarily targeted organizations using mutable version tags instead of pinned commit hashes, making it easier for the attackers to inject malicious code into workflows that were already in use. As a result, the attack affected numerous users relying on Trivy for vulnerability scanning.
Tactics & Techniques
The attackers employed several tactics to achieve their goals:
- Exploiting Misconfigurations: They took advantage of a misconfigured GitHub Actions environment to gain initial access.
- Malicious Code Injection: By force-pushing changes to version tags, they silently injected malware into existing workflows.
- Data Exfiltration: The malware collected sensitive information, including API tokens and cloud provider credentials, and exfiltrated this data to attacker-controlled infrastructure.
As the investigation continues, Aqua Security has collaborated with global incident response firm Sygnia to address the ongoing threat. Remediation efforts include removing malicious releases from distribution channels and conducting comprehensive credential revocations across all environments.
Defensive Measures
Organizations using Trivy are urged to take immediate action to secure their environments. Key recommendations include:
- Audit Environments: Review your systems for the compromised version of Trivy (v0.69.4) and update to known-safe releases (v0.69.2-v0.69.3).
- Rotate Secrets: Treat all secrets accessible to affected environments as exposed and execute immediate rotation.
- Monitor for Indicators: Proactively hunt for network and host-based indicators of compromise within your firewalls and SIEMs.
Aqua Security has acknowledged the critical role of the broader security community in addressing this incident. Collaboration with research teams has been essential in notifying downstream users and mitigating the fallout from this attack. As the situation evolves, organizations must remain vigilant and adapt their security practices to prevent similar incidents in the future.
Cyber Security News